<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
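    <h1>hello</h1>
    <!-- A button rather than a javascript: link: the control performs an in-page
         action, and javascript: URLs cannot run under a strict Content-Security-Policy.
         The inline onclick still requires 'unsafe-inline'; binding the handler with
         addEventListener inside the script below would remove that requirement. -->
    <button type="button" onclick="xsrfPost()">发送POST请求</button>
    <!-- Fetched over HTTPS: over plain HTTP anyone on the network path can replace
         this script, and any script running in this page can read the _xsrf cookie
         and send authenticated requests. HTTPS does not protect against a modified
         file on the CDN itself, so either self-host a vetted copy or add
         integrity="sha384-(hash computed from that vetted copy)" together with
         crossorigin="anonymous". jQuery 3.1.1 is an old release; prefer a currently
         maintained version. -->
    <script src="https://cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script>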
    <script>
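        /**
         * Return the value of the cookie whose name is exactly `name`.
         *
         * document.cookie is split on ";" and each name is compared literally.
         * The earlier regex lookup ("\\b" + name + "=...") treated `name` as a
         * pattern and accepted any cookie whose name merely ended in `name` after
         * a non-word character (e.g. "my-_xsrf"), so a different cookie could be
         * returned as the XSRF token. Its trailing "\\b" also cut off values
         * ending in a non-word character such as "=".
         *
         * @param {string} name Exact cookie name to look up.
         * @returns {string|undefined} The raw (not URL-decoded) cookie value, or
         *     undefined when no cookie with that name is present.
         */
        function getCookie(name) {
            var pairs = document.cookie ? document.cookie.split(";") : [];
            for (var i = 0; i < pairs.length; i++) {
                // Entries are separated by "; ", so drop the leading whitespace.
                var pair = pairs[i].replace(/^\s+/, "");
                var eq = pair.indexOf("=");
                if (eq !== -1 && pair.slice(0, eq) === name) {
                    return pair.slice(eq + 1);
                }
            }
            return undefined;
        }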

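        /**
         * POST a small JSON payload to "/" with the XSRF token taken from the
         * "_xsrf" cookie and sent in the X-XSRFTOKEN request header.
         *
         * The token is read once and the request is skipped when the cookie is
         * absent; otherwise the header would carry the literal string "undefined".
         * Shows an "OK" alert on success and logs the HTTP status on failure.
         */
        function xsrfPost() {
            var token = getCookie("_xsrf");
            if (!token) {
                console.error("xsrfPost: no _xsrf cookie found, request not sent");
                return;
            }

            // NOTE(review): _xsrf is kept in the body for compatibility with the
            // existing payload. A server that validates the header does not need
            // it there, and request bodies are more likely to end up in logs;
            // confirm against the handler and drop it if it is unused.
            var payload = {
                a: 1,
                b: 2,
                _xsrf: token
            };
            // Declared with var: the previous code assigned an implicit global.
            var json_data = JSON.stringify(payload);

            $.ajax({
                url: "/",
                method: "POST",
                data: json_data,
                // The body is JSON; without this jQuery labels it as
                // application/x-www-form-urlencoded.
                contentType: "application/json; charset=utf-8",
                headers: {
                    // Custom header that a cross-site form submission cannot set;
                    // presumably what the server checks against the cookie.
                    "X-XSRFTOKEN": token
                },
                success: function (data) {
                    alert("OK");
                },
                error: function (xhr) {
                    // Surface rejections (e.g. a failed XSRF check) instead of
                    // failing silently.
                    console.error("xsrfPost: request failed with status " + xhr.status);
                }
            });
        }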
    </script>
</body>
</html>